pkg:Go/goauthentik.io

11 total CVEs (HIGH: 3, MEDIUM: 6)


All known vulnerabilities

  • HIGH 8.7 | CVE-2024-42490: authentik has Insufficient Authorization for several API endpoints
    affected: >= 2024.6.0-rc1, < 2024.6.4
    affected: from 0
  • HIGH 8.5 | CVE-2026-47201: authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
    affected: from 0, < 0.0.0-20260528144335-a370d76d23c7
  • MEDIUM 6.5 | CVE-2024-23647: PKCE downgrade attack in Authentik
    affected: from 0
    affected: >= 2023.10.0, < 2023.10.7
  • MEDIUM 5.8 | CVE-2025-64708: authentik invitation expiry is delayed by at least 5 minutes
    affected: from 0
    affected: from 0, < 0.0.0-20251119135424-6672e6aaa41e
  • MEDIUM 4.8 | CVE-2025-64521: authentik deactivated service accounts can authenticate to OAuth
    affected: from 0, < 0.0.0-20251119140106-9dbdfc3f1be0
    affected: from 0
  • CVE-2025-53942: authentik has an insufficient check for account active status during OAuth/SAML authentication
    affected: from 0, < 0.0.0-20250722122105-7a4c6b9b50f8
    affected: from 0